Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
Published by gardener-robot-ci-3 over 1 year ago
[OPERATOR] A bug has been fixed for Istio-Ingress Gateways for seeds that use ExposureClassHandlers. Earlier, annotations in seed.spec.settings.loadBalancerServices caused an override of the ones specified in gardenletConfiguration.exposureClassHandler[].loadBalancerService for zonal Istios. Now, annotations in gardenletConfiguration.exposureClassHandler[].loadBalancerService are given priority, as was already the case for the global Istio. by @gardener-ci-robot [#8180]
[OPERATOR] Adapt vpa-updater QPS limits such that it doesn't get throttled on large clusters by @gardener-ci-robot [#8176]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.72.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.72.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.72.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.72.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.72.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.72.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.72.3
Published by gardener-robot-ci-1 over 1 year ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.74.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.74.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.74.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.74.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.74.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.74.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.74.1
Published by gardener-robot-ci-1 over 1 year ago
alpha.featuregates.shoot.gardener.cloud/node-local-dns is deprecated and will be removed in future releases. Use field .spec.systemComponents.nodeLocalDNS.enabled in Shoot instead. Switching on node-local-dns via shoot specification will roll the nodes even if node-local-dns was enabled beforehand via annotation. (gardener/gardener#8067, @acumino)
alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-{cluster-dns, upstream-dns} is deprecated and will be removed in future releases. Use field .spec.systemComponents.{nodeLocalDNSforceTCPToClusterDNS, nodeLocalDNSforceTCPToUpstreamDNS} in Shoot instead. (gardener/gardener#8067, @acumino)
.spec.settings.ownerChecks field is now no-op - the gardener-apiserver no longer defaults this field and no longer validates it. The field will be set always to nil on CREATE/UPDATE request. (gardener/gardener#7951, @dimitar-kostadinov)
HAControlPlanes and FullNetworkPoliciesInRuntimeCluster have been removed. (gardener/gardener#8083, @rfranzke)
shootstate-extensions and shootstate-secret controllers have been dropped. The gardenlet's component config file should be updated to no longer specify related configuration (.controllers.{shootSecret,shootStateSync}). (gardener/gardener#8136, @rfranzke)
gardener.cloud/operation annotation was introduced to seeds. This includes a verification of its value. Please check your seeds for this annotation and remove it if necessary prior to the update. (gardener/gardener#8152, @timebertt)
.spec.virtualCluster.dns.domains was added to the Garden API. This field allows exposing the kube-apiserver of the virtual cluster via multiple domains. Earlier, the API only accepted one domain name via .spec.virtualCluster.dns.domain. (gardener/gardener#8173, @gardener-ci-robot)
.spec.virtualCluster.dns.domain is deprecated and will be removed in the next release. Please update your Garden resource to the new .spec.virtualCluster.dns.domains field by removing the existing domain configuration from dns.domain and adding it as the first entry of dns.domains.
kind-based setups are supported. Please refer to this guide for all information. (gardener/gardener#8075, @oliver-goetz)
allow-to-seed-apiserver NetworkPolicy is no longer available in garden or seed clusters. Use allow-to-runtime-apiserver instead. (gardener/gardener#8083, @rfranzke)
VerticalPodAutoscaler resources for kube-proxys are no longer recreated when the Kubernetes patch version of the Shoot or the respective worker pools is updated. This ensures updated kube-proxys keep the same CPU/memory resource requirements as before the patch version update. In order to put this change into effect, all existing VerticalPodAutoscalers for kube-proxys are getting recreated. (gardener/gardener#8071, @rfranzke)
nginx-ingress-controller image is updated to v1.8.0 for Kubernetes v1.24+ clusters, to v1.6.4 for Kubernetes v1.23 clusters, and to v1.4.0 for Kubernetes v1.22 clusters. (gardener/gardener#8096, @shafeeqes)
InternalSecret per Shoot for syncing the client CA to the project namespace in the garden cluster (named <shoot-name>.ca-client). The shoots/adminkubeconfig subresource signs short-lived client certificates by retrieving the CA from the InternalSecret. (gardener/gardener#8088, @timebertt)
gardenlet for periodically backing up the ShootState for Shoots has been introduced. This controller is only activated when gardenlet is responsible for an unmanaged Seed (i.e., one not backed by a ManagedSeed object). By default, backups are taken roughly every 6h. (gardener/gardener#8112, @rfranzke)
gardenlet is responsible for a managed Seed, it will delete all ShootState resources for its Shoots that are not currently in migration. See also GEP-22 for further details about the motivation. (gardener/gardener#8144, @rfranzke)
Machine objects. This fix is relevant if feature gate MachineControllerManagerDeployment is enabled in your landscape. (gardener/gardener#8121, @timuthy)
gardener-resource-manager's system-components-config webhook no longer adds the toleration for the ToBeDeletedByClusterAutoscaler taint to system components in shoot clusters. The ToBeDeletedByClusterAutoscaler taint is maintained by the cluster-autoscaler. This was breaking cluster-autoscaler's drain mechanism when scaling down an under-utilized node. It caused system components that had just been evicted from the to-be-deleted node to be scheduled again on that node. (gardener/gardener#8172, @gardener-ci-robot)
ExposureClassHandlers. Earlier, annotations in seed.spec.settings.loadBalancerServices caused an override of the ones specified in gardenletConfiguration.exposureClassHandler[].loadBalancerService for zonal Istios. Now, annotations in gardenletConfiguration.exposureClassHandler[].loadBalancerService are given priority, as was already the case for the global Istio. (gardener/gardener#8178, @gardener-ci-robot)
ControlPlane actuator will now redeploy the cloud config chart to allow provider extensions to update the content with the most up-to-date information. (gardener/gardener#8106, @kon-angelo)
ManagedResource, has been increased from 1m to 3m. (gardener/gardener#8085, @ScheererJ)
Deploying Shoot namespace in Seed step was slightly improved. Earlier it failed on some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8115, @timuthy)
extensions.gardener.cloud/v1alpha1.ControlPlane is now deployed after kube-apiserver in the Shoot reconciliation flow. (gardener/gardener#8182, @gardener-ci-robot)
telegraf and tune2fs is upgraded from 3.17.2 to 3.18.0 (gardener/logging#201, @nickytd)
fluent-bit-vali-plugin now supports fluent-bit v2.1.0 and above. (gardener/logging#205, @nickytd)
UnavailableReplicas in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.74.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.74.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.74.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.74.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.74.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.74.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.74.0
Published by gardener-robot-ci-1 over 1 year ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.71.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.71.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.71.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.71.6
operator: eu.gcr.io/gardener-project/gardener/operator:v1.71.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.71.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.71.6
Published by gardener-robot-ci-1 over 1 year ago
Machine objects. This fix is relevant if feature gate MachineControllerManagerDeployment is enabled in your landscape. (gardener/gardener#8123, @gardener-ci-robot)
Deploying Shoot namespace in Seed step was slightly improved. Earlier it failed on some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8118, @gardener-ci-robot)
ManagedResource, has been increased from 1m to 3m. (gardener/gardener#8090, @gardener-ci-robot)
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.73.1
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.73.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.73.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.73.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.73.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.73.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.73.1
Published by gardener-robot-ci-1 over 1 year ago
terraformer library will now skip deletion of the Terraformer pod when the request context has been canceled. This change aims to prevent inconsistencies in Terraform state by attempting to allow uninterrupted execution of healthy Terraformer pods. (gardener/gardener#8107, @gardener-ci-robot)
garden/fluent-bit that caused a failure in creating networkpolicies for scraping metrics. (gardener/gardener#8074, @gardener-ci-robot)
Deploying Shoot namespace in Seed step was slightly improved. Earlier it failed on some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8119, @gardener-ci-robot)
ManagedResource, has been increased from 1m to 3m. (gardener/gardener#8091, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.72.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.72.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.72.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.72.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.72.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.72.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.72.2
Published by gardener-robot-ci-2 over 1 year ago
terraformer library will now skip deletion of the Terraformer pod when the request context has been canceled. This change aims to prevent inconsistencies in Terraform state by attempting to allow uninterrupted execution of healthy Terraformer pods. (gardener/gardener#8108, @gardener-ci-robot)
garden/fluent-bit that caused a failure in creating networkpolicies for scraping metrics. (gardener/gardener#8077, @timuthy)
Deploying Shoot namespace in Seed step was slightly improved. Earlier it failed on some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8117, @gardener-ci-robot)
ManagedResource, has been increased from 1m to 3m. (gardener/gardener#8092, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.71.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.71.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.71.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.71.5
operator: eu.gcr.io/gardener-project/gardener/operator:v1.71.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.71.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.71.5
Published by gardener-robot-ci-3 over 1 year ago
.spec.secretRef in the Seed API has been deprecated and will be removed in a future release of Gardener. (gardener/gardener#8064, @acumino)
gardener-apiserver to encrypt the internalsecrets.core.gardener.cloud resource in etcd. (gardener/gardener#8078, @timebertt)
SeedChange and CopyEtcdBackupsDuringControlPlaneMigration have been removed. (gardener/gardener#8008, @rfranzke)
FullNetworkPolicies and HAControlPlanes have been promoted to GA and are now locked to "unconditionally enabled". (gardener/gardener#8008, @rfranzke)
APIServerSNI has been removed. (gardener/gardener#8062, @rfranzke)
controllerutils.GetAndCreateOrMergePatch, controllerutils.GetAndCreateOrStrategicMergePatch, controllerutils.CreateOrGetAndMergePatch and controllerutils.CreateOrGetAndStrategicMergePatch were incompatibly changed and now accept a controllerutils.PatchOption instead of client.MergeFromOption. (gardener/gardener#8043, @timuthy)
client.MergeFromOption, you should update it to controllerutils.PatchOption.
controllerutils.PatchOption can hold two options today:
client.MergeFromOption which is passed to the underlying patch function.
controllerutils.SkipEmptyPatch which prevents sending empty patches ({}).
DisableScalingClassesForShoots has been introduced on gardenlet. If turned on, initial resource requests for kube-apiservers of shoot clusters running on seed clusters which enable the HVPA feature gate are assigned statically and no longer by a scaling class determined by maximum node count. This helps to reduce resource waste for clusters with little usage. (gardener/gardener#8003, @voelzmo)
MachineControllerManagerDeployment has been introduced in gardenlet. Only enable it when all registered provider extensions in your landscape support this feature. (gardener/gardener#8018, @rfranzke)
core.gardener.cloud/v1beta1.InternalSecret API, see the documentation for more information. (gardener/gardener#8025, @timebertt)
gardenlet's ManagedSeed controller now cleans up the referred seed secret when .spec.secretRef is unset in the seed template. (gardener/gardener#8039, @shafeeqes)
Services related to extensions serving webhook handlers that must be reached by kube-apiservers running in separate namespaces such that the respective network traffic gets allowed. Please refer to this guide for all information. Extensions serving shoot webhook should make use of this new approach - the old functionality deploying dedicated NetworkPolicys is deprecated and will be removed in the future. (gardener/gardener#8076, @rfranzke)
gardenlet's ControllerInstallation controller now populates the feature gate of gardenlet via the Helm values to extensions when they are getting installed. The information is populated via the .gardener.gardenlet.featureGates key. It contains a map whose keys are feature gate names and whose values are booleans (depicting the enablement status). (gardener/gardener#8011, @rfranzke)
machine-controller-manager sidecar container into the machine-controller-manager deployment instead of managing the full deployment themselves. In the future, gardenlet will take over managing it. Please see https://github.com/gardener/gardener/pull/8019 for an example of how provider-local was adapted and replicate it for your provider extensions. (gardener/gardener#8018, @rfranzke)
machine-controller-manager deployment or the machines/nodes. In the future, gardenlet will take over performing these checks. Please see https://github.com/gardener/gardener/pull/8019 for an example of how provider-local was adapted and replicate it for your provider extensions. (gardener/gardener#8056, @rfranzke)
kube-system namespace only if there is no objectSelector provided in webhook. (gardener/gardener#8034, @acumino)
garden/fluent-bit that caused a failure in creating networkpolicies for scraping metrics. (gardener/gardener#8069, @timuthy)
terraformer library will now skip deletion of the Terraformer pod when the request context has been canceled. This change aims to prevent inconsistencies in Terraform state by attempting to allow uninterrupted execution of healthy Terraformer pods. (gardener/gardener#8059, @kon-angelo)
pkg/resourcemanager/controller/garbagecollector/references.InjectAnnotations now also handles pods.spec.imagePullSecrets. (gardener/gardener#8028, @vpnachev)
nginx-ingress-controller-seed image is updated to v1.8.0 for 1.24.x+ seeds. (gardener/gardener#8021, @shafeeqes)
20. This is necessary to create and update NetworkPolicies in time, esp. on larger seed clusters. (gardener/gardener#8035, @timuthy)
gardenlet is taking over management of the CustomResourceDefinitions for the machine.sapcloud.io/v1alpha1 API group, hence extensions no longer need to take care of them. Consequently, the extensions/pkg/controller/worker.Options struct as well as the extensions/pkg/controller/worker.ApplyMachineResources{ForConfig} functions are deprecated and will be removed in a future release. (gardener/gardener#8015, @rfranzke)
garden.local.gardener.cloud DNS name in the containerd config when configuring registry mirror hostnames. Previously, to access the pull through registry cache some kind clusters were configured to use garden.local.gardener.cloud, others - the Node name of the control plane Node. (gardener/gardener#8063, @ialidzhikov)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.73.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.73.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.73.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.73.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.73.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.73.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.73.0
Published by gardener-robot-ci-1 over 1 year ago
20. This is necessary to create and update NetworkPolicies in time, esp. on larger seed clusters. (gardener/gardener#8046, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.71.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.71.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.71.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.71.4
operator: eu.gcr.io/gardener-project/gardener/operator:v1.71.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.71.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.71.4
Published by gardener-robot-ci-3 over 1 year ago
20. This is necessary to create and update NetworkPolicies in time, esp. on larger seed clusters. (gardener/gardener#8055, @timuthy)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.70.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.70.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.70.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.70.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.70.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.70.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.70.3
Published by gardener-robot-ci-3 over 1 year ago
kube-system namespace only if there is no objectSelector provided in webhook. (gardener/gardener#8045, @gardener-ci-robot)
20. This is necessary to create and update NetworkPolicies in time, esp. on larger seed clusters. (gardener/gardener#8044, @timuthy)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.72.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.72.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.72.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.72.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.72.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.72.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.72.1
Published by gardener-robot-ci-1 over 1 year ago
core/v1alpha1 API version is dropped. Make sure that you don't use the core/v1alpha1 API version in your machinery. (gardener/gardener#7965, @ary1992)
alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector annotation has been dropped and is no longer available for Shoots. It should be removed from all existing Shoot resources. (gardener/gardener#7980, @rfranzke)
ConfigMap or Secret in .spec.resources in Shoots is now forcefully removed. New validation has been introduced to prevent adding other resources in the future. (gardener/gardener#7995, @acumino)
kube-system namespace. (gardener/gardener#7902, @acumino)
core/v1alpha1 API version is dropped. Before upgrading to this version, make sure that there are no resources in the etcd stored in the core/v1alpha1 API version. Otherwise, the [email protected] will fail to start.
.spec.settings.ownerChecks.enabled field is locked to false (i.e. if the field value is true a validation error will be returned). Before updating to this version of Gardener, set .spec.settings.ownerChecks.enabled field to false for your Seeds and ManagedSeeds. (gardener/gardener#7909, @dimitar-kostadinov)
ControllerRegistrations for Kinds ControlPlane, Infrastructure and Worker with the same types used for seeds (seed.spec.provider.type). This is already the case if seeds and shoots share the same cloud provider. The seed reconciliation flow waits for the associated ControllerInstallation to be ready before continuing rolling out seed system components. It allows Gardener provider extensions to ship components that not only act on shoot control-plane but also on seed system components. (gardener/gardener#7928, @timuthy)
{github.com/gardener/gardener/pkg/apis/core/helper,github.com/gardener/gardener/pkg/apis/core/v1beta1/helper}.SeedSettingOwnerChecksEnabled will now return false if the corresponding Seed setting is nil. Previously, the func was returning true when the Seed setting is nil. (gardener/gardener#7909, @dimitar-kostadinov)
github.com/gardener/gardener/pkg/controllerutils/predicate.IsBeingMigratedPredicate, github.com/gardener/gardener/pkg/controllerutils/predicate.IsObjectBeingMigrated and github.com/gardener/gardener/pkg/utils/gardener.IsObjectBeingMigrated funcs are now removed. (gardener/gardener#7909, @dimitar-kostadinov)
kube-apiservers does now include the CA certificates used to sign their server certificates. (gardener/gardener#7961, @rfranzke)
gardener-operator configures SNI components in order to expose the virtual-garden-kube-apiserver via the istio-ingressgateway in the Garden cluster. (gardener/gardener#7953, @timuthy)
virtual-garden-kube-apiserver service to the istio-ingress service endpoint. The type of the virtual-garden-kube-apiserver service will soon be switched from LoadBalancer to ClusterIP.
provider-local, the full migration and restoration logic implemented in the extensions library (generic Worker actuator) is now executed (previously, it was skipped). This improves the accuracy of the e2e tests for control plane migration. (gardener/gardener#7981, @rfranzke)
ConfigMaps in .spec.resources in Shoots has been fixed. (gardener/gardener#7995, @acumino)
Secrets or ConfigMaps in .spec.resources in Shoots has been fixed. (gardener/gardener#7995, @acumino)
NetworkPolicy reconciler is only added to gardener-operator if the .spec.runtimeCluster.networking.{pods,services} fields of the Garden are set. (gardener/gardener#7983, @shafeeqes)
gardener-dwd channel (private) on releases.
make check target (gardener/dependency-watchdog#87, @unmarshall)
3.15.7 to 3.15.8 (gardener/etcd-backup-restore#612, @aaronfern)
3.15.7 to 3.15.8 (gardener/etcd-custom-image#32, @aaronfern)
make ci-e2e-kind to run the e2e tests on local machine (gardener/etcd-druid#547, @abdasgupta)
Role helm charts and converted into Golang component with added unit tests. (gardener/etcd-druid#538, @seshachalam-yv)
RoleBinding helm charts and converted into Golang component with added unit tests. (gardener/etcd-druid#539, @seshachalam-yv)
v3.4.13-bootstrap-9 to v3.4.13-bootstrap-10 (gardener/etcd-druid#575, @aaronfern)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.72.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.72.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.72.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.72.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.72.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.72.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.72.0
Published by gardener-robot-ci-1 over 1 year ago
gardenlet to panic when admission-controller is upgraded to v1.71 but gardenlet is still on v1.70. (gardener/gardener#7989, @acumino)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.71.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.71.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.71.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.71.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.71.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.71.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.71.3
Published by gardener-robot-ci-2 over 1 year ago
NetworkPolicy reconciler is only added to gardener-operator if the .spec.runtimeCluster.networking.{pods,services} fields of the Garden are set. (gardener/gardener#7986, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.71.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.71.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.71.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.71.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.71.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.71.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.71.2
Published by gardener-robot-ci-3 over 1 year ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.71.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.71.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.71.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.71.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.71.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.71.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.71.1
Published by gardener-robot-ci-2 over 1 year ago
Shoot.Spec.ControlPlane.HighAvailability.FailureTolerance.Type if shoot is hibernated. (gardener/gardener#7922, @gardener-ci-robot)
kube-proxys from being missing after a Shoot has been woken up from hibernation. (gardener/gardener#7919, @gardener-ci-robot)
cgroupDriver of provider-local to systemd. (gardener/gardener#7805, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.68.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.68.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.68.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.68.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.68.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.68.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.68.1
Published by gardener-robot-ci-2 over 1 year ago
Namespaces are no longer deleted (and forcefully finalized after some grace period), the shoot.gardener.cloud/cleanup-namespaces-finalize-grace-period-seconds annotation no longer has any effect. Relevant Kubernetes resources are still cleaned up (see this document for more information). (gardener/gardener#7864, @rfranzke)
providerConfig fields is no longer permitted (deprecated since more than 2y). Ensure that you always use a versioned API. (gardener/gardener#7868, @rfranzke)
v1.27, Gardener enforces a worker.maximum configuration for system component worker pools. The value must be greater or equal to the number of zones configured for this pool. This ensures that the pool has the minimum required nodes to schedule system components across nodes. (gardener/gardener#7878, @timuthy)
1.27 and higher. (gardener/gardener#7883, @ary1992)
1.27 and higher, the .spec.kubernetes.kubeControllerManager.podEvictionTimeout field has no effect anymore since the backing --pod-eviction-timeout CLI flag has been removed. (gardener/gardener#7883, @ary1992)
.spec.kubernetes.kubeAPIServer.enableBasicAuthentication has been removed from the Shoot API. Please check your Shoots manifests and remove the .spec.kubernetes.kubeAPIServer.enableBasicAuthentication field. (gardener/gardener#7886, @dimitar-kostadinov)
Shoot.Spec.ControlPlane.HighAvailability.FailureTolerance.Type if shoot is hibernated. (gardener/gardener#7894, @aaronfern)
fluent-bit-related configuration options have been removed from gardenlet's component configuration. (gardener/gardener#7568, @Kristian-ZH)
FullNetworkPoliciesInRuntimeCluster feature gate has been promoted to beta and is now turned on by default. Before deploying this Gardener version, make sure that all your registered extensions support this feature gate. (gardener/gardener#7866, @rfranzke)
HAControlPlanes feature gate has been promoted to beta and is now turned on by default. (gardener/gardener#7867, @timuthy)
allow-{to,from}-shoot-apiserver NetworkPolicys have been dropped. Ensure that all registered extensions have been adapted. (gardener/gardener#7868, @rfranzke)
identity value is no longer passed when ControllerInstallation Helm charts are deployed. (gardener/gardener#7868, @rfranzke)
lastUpdateTime of extension conditions is no longer considered. Ensure that all registered extensions populate the lastHeartbeatTime field instead. (gardener/gardener#7868, @rfranzke)
pkg/operation/botanist/component/* resources have been moved to pkg/component/*. (gardener/gardener#7938, @rfranzke)
gardenlet will no longer respect ConfigMaps labeled with extensions.gardener.cloud/configuration=logging. The way to deploy a new filter or parser configuration is to create ClusterFilters or ClusterParsers custom resources in the seed cluster. (gardener/gardener#7568, @Kristian-ZH)
gardener/gardener version need to provide RBAC privileges for PATCH apps/deployments/scale. (gardener/gardener#7868, @rfranzke)
seed-prometheus must annotate their pods with prometheus.io/scrape=true along with prometheus.io/name=<name>. See https://github.com/gardener/gardener/blob/master/docs/monitoring/README.md#seed-prometheus for more details. (gardener/gardener#7885, @shafeeqes)
WorkerlessShoots feature gate in the gardener-apiserver is enabled. Please see this document for more details. (gardener/gardener#7882, @shafeeqes)
fluent-operator is now installed in the garden namespace of seed clusters and will take care of the entire lifecycle of the fluent-bit DaemonSet. (gardener/gardener#7568, @Kristian-ZH)
gardener-operator now enables full NetworkPolicy protection for the garden cluster. In case your garden cluster is a seed at the same time, make sure to keep the values of the FullNetworkPoliciesInRuntimeCluster feature gate in sync for both gardener-operator and gardenlet. (gardener/gardener#7859, @rfranzke)
gardenlet and gardener-operator managed deployments and statefulsets can now be equipped with toleration seconds for taints node.kubernetes.io/not-ready and node.kubernetes.io/unreachable. (gardener/gardener#7861, @timuthy)
gardenlet, gardener-operator) for more information.
gardenlet and gardener-operator Helm charts allow to define toleration seconds for node.kubernetes.io/not-ready and node.kubernetes.io/unreachable. This configuration is considered for their own Deployment as well as the Gardenlet's or Operator's config. The values are set to 60s by default. (gardener/gardener#7861, @timuthy)
workerlessSupported is added under spec.resources in the ControllerRegistration API. (gardener/gardener#7863, @ary1992)
gardener-operator is now managing the gardener-resource-manager instance as part of the virtual garden cluster control plane. It provides a TokenRequest API-based kubeconfig for gardener-operator to access the virtual garden cluster. The static token kubeconfig is now unconditionally disabled. (gardener/gardener#7881, @oliver-goetz)
NetworkPolicy controllers of gardener-operator or gardenlet. The selectors must be provided via their component configs. Please consult this document for further insights. (gardener/gardener#7929, @rfranzke)
gardener-operator is now managing the kube-controller-manager instance as part of the virtual garden cluster control plane. (gardener/gardener#7931, @rfranzke)
kube-apiserver pods of shoot or garden clusters to reach webhook servers, they must no longer be explicitly labeled with networking.resources.gardener.cloud/to-<service-name>-<protocol>-<port>=allowed. Instead, it is enough to annotate the Service of the webhook server with networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports=<ports>. (gardener/gardener#7907, @rfranzke)
extensions.gardener.cloud/v1alpha1.Extension resources need to make adaptions if needed and then set spec.resources[].workerlessSupported to true in the ControllerRegistration for their respective extension type. (gardener/gardener#7863, @ary1992)
Shoot clusters to get stuck when a namespace was forcefully removed before all relevant resources have been cleaned up. (gardener/gardener#7864, @rfranzke)
kube-proxys from being missing after a Shoot has been woken up from hibernation. (gardener/gardener#7912, @rfranzke)
VPN Seed (CPU| Memory) Usage dashboards not showing data is now fixed. (gardener/gardener#7865, @Sallyan)
networking.resources.gardener.cloud/from-world-to-ports annotation from being reached from internal IP addresses when the cluster was using Cilium as CNI. (gardener/gardener#7884, @ScheererJ)
Istio-Ingress being blocked. This is only relevant if seed(s) specify additional load balancer annotations via seed.spec.settings.loadBalancerServices.annotations. (gardener/gardener#7910, @timuthy)
TODO statements has been introduced. (gardener/gardener#7939, @rfranzke)
--node-monitor-grace-period flag of kube-controller-manager is now defaulted to 40s for Shoot clusters using Kubernetes version 1.27 and higher. (gardener/gardener#7883, @ary1992)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.21.5 -> v1.21.6 (for Kubernetes 1.21)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.22.5 -> v1.22.6 (for Kubernetes 1.22)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.23.3 -> v1.23.4 (for Kubernetes 1.23)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.24.2 -> v1.24.3 (for Kubernetes 1.24)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.25.2 -> v1.25.3 (for Kubernetes 1.24)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.26.1 -> v1.26.2 (for Kubernetes 1.26)
info to error (gardener/gardener#7942, @nickytd)
nginx-ingress-controller-seed image is updated to v1.7.1 for 1.24.x+ seeds. (gardener/gardener#7904, @shafeeqes)
service.kubernetes.io/topology-mode=auto annotation when enabling topology-aware routing for a Service when the Kubernetes version of the runtime cluster is >= 1.27. In Kubernetes 1.27, the service.kubernetes.io/topology-aware-hints=auto annotation is deprecated in favor of the newly introduced service.kubernetes.io/topology-mode=auto. (gardener/gardener#7933, @ialidzhikov)
check-apidiff check was changed to only report incompatible and critical changes which need inspection from the developer's side. (gardener/gardener#7936, @timuthy)
networking.resources.gardener.cloud/from-policy-pod-label-selector and networking.resources.gardener.cloud/from-policy-allowed-ports annotations are now deprecated and will be removed in the future. Use networking.resources.gardener.cloud/from-<pod-label-selector>-allowed-ports=<ports> instead. (gardener/gardener#7907, @rfranzke)
nginx-ingress-controller image is updated to v1.3.0 for v1.22+ shoots. (gardener/gardener#7932, @shafeeqes)
k8s.io/client-go from v0.17.0 to v0.26.2 (gardener/logging#188, @vlvasilev)
1.20.2 to 1.20.4 (gardener/vpn2#32, @MartinWeindel)
1.19.5 to 1.20.2 (gardener/vpn2#30, @MartinWeindel)
1.16.3 to 1.16.5 (gardener/vpn2#30, @MartinWeindel)
1.25.0 to 1.26.2 (gardener/vpn2#30, @MartinWeindel)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.71.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.71.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.71.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.71.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.71.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.71.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.71.0
Published by gardener-robot-ci-1 over 1 year ago
Shoot.Spec.ControlPlane.HighAvailability.FailureTolerance.Type if shoot is hibernated. (gardener/gardener#7921, @gardener-ci-robot)
kube-proxys from being missing after a Shoot has been woken up from hibernation. (gardener/gardener#7918, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.69.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.69.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.69.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.69.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.69.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.69.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.69.3
Published by gardener-robot-ci-2 over 1 year ago
Shoot.Spec.ControlPlane.HighAvailability.FailureTolerance.Type if shoot is hibernated. (gardener/gardener#7920, @gardener-ci-robot)
kube-proxys from being missing after a Shoot has been woken up from hibernation. (gardener/gardener#7917, @gardener-ci-robot)
Istio-Ingress being blocked. This is only relevant if seed(s) specify additional load balancer annotations via seed.spec.settings.loadBalancerServices.annotations. (gardener/gardener#7911, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.70.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.70.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.70.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.70.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.70.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.70.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.70.2
Published by gardener-robot-ci-2 over 1 year ago
networking.resources.gardener.cloud/from-world-to-ports annotation from being reached from internal IP addresses when the cluster was using Cilium as CNI. (gardener/gardener#7890, @gardener-ci-robot)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.21.5 -> v1.21.6 (for Kubernetes 1.21)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.22.5 -> v1.22.6 (for Kubernetes 1.22)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.23.3 -> v1.23.4 (for Kubernetes 1.23)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.24.2 -> v1.24.3 (for Kubernetes 1.24)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.25.2 -> v1.25.3 (for Kubernetes 1.24)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.26.1 -> v1.26.2 (for Kubernetes 1.26)
gardenlet to run into CrashLoopBackoff when following the docs/development/getting_started_locally.md#remote-local-setup guide. (gardener/gardener#7843, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.69.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.69.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.69.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.69.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.69.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.69.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.69.2